Exemplo n.º 1
0
    def setPrincipals(self, prinlist, check=True):
        parent = self.__parent__
        old = self._principals
        self._principals = tuple(prinlist)

        if parent is not None:
            oldset = set(old)
            new = set(prinlist)
            group_id = parent._groupid(self)

            for principal_id in oldset - new:
                try:
                    parent._removePrincipalFromGroup(principal_id, group_id)
                except AttributeError:
                    pass

            for principal_id in new - oldset:
                try:
                    parent._addPrincipalToGroup(principal_id, group_id)
                except AttributeError:
                    pass

            if check:
                try:
                    nocycles(new, [], zapi.principals().getPrincipal)
                except GroupCycle:
                    # abort
                    self.setPrincipals(old, False)
                    raise
Exemplo n.º 2
0
    def getTerm(self, principal_id):
        if principal_id not in self.context:
            raise LookupError(principal_id)

        auth = zapi.principals()
        principal = auth.getPrincipal(principal_id)

        if principal is None:
            raise LookupError(principal_id)

        return Term(principal_id.encode("base64").strip().replace("=", "_"), principal.title)
Exemplo n.º 3
0
    def issueChallenge(self):
        # Set the error status to 403 (Forbidden) in the case when we don't
        # challenge the user
        self.request.response.setStatus(403)

        # make sure that squid does not keep the response in the cache
        self.request.response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
        self.request.response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
        self.request.response.setHeader('Pragma', 'no-cache')
        
        principal = self.request.principal
        auth = zapi.principals()
        auth.unauthorized(principal.id, self.request)
Exemplo n.º 4
0
    def setPrincipals(self, prinlist, check=True):
        # method is not a part of the interface
        parent = self.__parent__
        old = self._principals
        self._principals = tuple(prinlist)

        if parent is not None:
            oldset = set(old)
            new = set(prinlist)
            group_id = parent._groupid(self)
            removed = oldset - new
            added = new - oldset
            try:
                parent._removePrincipalsFromGroup(removed, group_id)
            except AttributeError:
                removed = None

            try:
                parent._addPrincipalsToGroup(added, group_id)
            except AttributeError:
                added = None

            if check:
                try:
                    nocycles(new, [], zapi.principals().getPrincipal)
                except GroupCycle:
                    # abort
                    self.setPrincipals(old, False)
                    raise
            # now that we've gotten past the checks, fire the events.
            if removed:
                event.notify(
                    interfaces.PrincipalsRemovedFromGroup(
                        removed, self.__parent__.__parent__.prefix + group_id))
            if added:
                event.notify(
                    interfaces.PrincipalsAddedToGroup(
                        added, self.__parent__.__parent__.prefix + group_id))